CVE-2018-6219

MEDIUM

Trendmicro Email Encryption Gateway - Improper Certificate Validation

Title source: rule

Description

An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappsjsp

https://www.exploit-db.com/exploits/44166

View Code ZIP pw:eip

References (3)

[Vendor Advisory] https://success.trendmicro.com/solution/1119349

[Exploit, Technical Description, Third Party Advisory] https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/44166/

Scores

CVSS v3 6.5

EPSS 0.0143

EPSS Percentile 80.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Classification

CWE

CWE-295

Status published

Affected Products (1)

trendmicro/email_encryption_gateway

Timeline

Published Mar 15, 2018

Tracked Since Feb 18, 2026